CompTIA Cybersecurity Analyst (CySA+)
I. Overview:
CompTIA Cybersecurity Analyst (CySA+) is the premier certification for cyber professionals tasked with incident detection, prevention, and response through continuous security monitoring. It validates a tech professional's expertise in incident response and vulnerability management processes, emphasizing the critical communication skills necessary for effective security analysis and compliance.
II. Duration: 48 hours (6 days)
III. Objectives:
- Enhance security operations processes, differentiate threat intelligence and threat hunting, and identify malicious activity using appropriate tools.
- Conduct vulnerability assessments, prioritize vulnerabilities, and recommend effective mitigation strategies for vulnerability management.
- Apply attack methodology frameworks, perform incident response, and understand the incident management lifecycle to handle security incidents effectively.
- Utilize communication best practices to report on vulnerability management and incident response, providing stakeholders with actionable plans and meaningful metrics.
IV. Intended Audience:
All-source analyst, warning analyst, forensics analyst, cyber defense forensics analyst, cyber crime investigator, systems security analyst, cyber defense analyst, cyber defense incident responder, vulnerability assessment analyst, security control assessor.
V. Prerequisites:
Recommended experience: Network+, Security+, or equivalent knowledge, with a minimum of 4 years of hands-on experience as an incident response analyst, security operations center (SOC) analyst, or equivalent experience.
VI. Course outline:
1. Security Operations
- Explain the importance of system and network architecture concepts in security operations.
- Given a scenario, analyze indicators of potentially malicious activity.
- Given a scenario, use appropriate tools or techniques to determine malicious activity.
- Compare and contrast threat-intelligence and threat-hunting concepts.
- Explain the importance of efficiency and process improvement in security operations.
2. Vulnerability Management
- Given a scenario, implement vulnerability scanning methods and concepts.
- Given a scenario, analyze output from vulnerability assessment tools.
- Given a scenario, analyze data to prioritize vulnerabilities.
- Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.
- Explain concepts related to vulnerability response, handling, and management.
3. Incident Response and Management
- Explain concepts related to attack methodology frameworks.
- Given a scenario, perform incident response activities.
- Explain the preparation and post-incident activity phases of the incident management life cycle.
4. Reporting and Communication
- Explain the importance of vulnerability management reporting and communication.
- Explain the importance of incident response reporting and communication.
Online classes

- Start date: 16-03-2026
- Class time: 18:30 - 21:30
- Class days: Monday - Wednesday - Friday
- Duration: 48 hours
- Tuition: Contact us
Classes in Hồ Chí Minh
- Start date: 16-03-2026
- Class time: 18:30 - 21:30
- Class days: Monday - Wednesday - Friday
- Duration: 48 hours
- Tuition: Contact us
Classes in Hà Nội



